# My test package.
#
#Shared Setup
###################################
$ErrorActionPreference="Stop"
$importExportGUID = [Guid]::NewGuid().ToString()
$tempFile = Join-Path $env:TEMP  ($importExportGUID + ".pfx")

Write-Host "Create And Erase Certificate"
##################################################
$cert = New-Certificate cert:\CurrentUser\My CertificateHelperTest
if (-not $cert.PrivateKey.CspKeyContainerInfo.Exportable) {throw "Key Should be Exportable"}
Remove-Certificate $cert.PSPath


Write-Host "Import Export Test PFX No Password"
##################################################
$cert = New-Certificate cert:\CurrentUser\My ("ImportExport"+$importExportGUID)

#export to temp file
Copy-Certificate $cert.PSPath $tempFile
#Ensure File Exists
if ((test-path $tempFile) -ne $true)
{
    throw "Temp file did not get created on export:$tempFile"
}

#Erase from store
$expectedPathForImportedCert = $cert.PSPath
Remove-Certificate $cert.PSPath
#Import
Copy-Certificate $tempFile cert:\CurrentUser\My
$cert = gi $expectedPathForImportedCert
if (-not $cert.PrivateKey.CspKeyContainerInfo.Exportable) {throw "Imported Key Should Not be Exportable"}

Write-Host "Test non exportable import"
#############################################
Copy-Certificate $tempFile cert:\CurrentUser\My -NotExportable
$cert = gi $expectedPathForImportedCert
if ($cert.PrivateKey.CspKeyContainerInfo.Exportable) {throw "Key Should Not be Exportable"}
Remove-Certificate $expectedPathForImportedCert
Remove-Item $tempFile

Write-Host "Import Export Test PFX With Password"
###################################
$tempFile = Join-Path $env:TEMP  ($importExportGUID + ".pfx")
$cert = New-Certificate cert:\CurrentUser\My ("ImportExport"+$importExportGUID)

#export to temp file
Copy-Certificate $cert.PSPath $tempFile -password 1234
#Ensure File Exists
if (-not (test-path $tempFile ) ) { throw "Temp file did not get created on export:$tempFile" }

#Erase from store
$expectedPathForImportedCert = $cert.PSPath
Remove-Certificate $cert.PSPath

Write-Host "Test Import Fails with bad password"
###################################
# We expect to hit the trap, and then continue. This technique is in powershell in action Pg269.
&{
    trap {
        if ($error[0].Exception.InnerException -is [System.Security.Cryptography.CryptographicException])
        {
            continue;
        }
    }
    &{
        Copy-Certificate $tempFile cert:\CurrentUser\My -password wrong-password 
        throw "Should not get here, should have hit trap handler"
    }
}
#Import w/Correct Password
Copy-Certificate $tempFile cert:\CurrentUser\My -password 1234
$theImportedCert = gi $expectedPathForImportedCert
if (-not $theImportedCert.hasPrivateKey ) { throw "There should be a private key for a .pfx import" }

Remove-Certificate $expectedPathForImportedCert


Write-Host "Import Export Test .CER"
###################################
$cert = New-Certificate cert:\CurrentUser\My ("ImportExport"+$importExportGUID)
$tempFileCer = Join-Path $env:TEMP  ($importExportGUID + ".cer")

#export to temp file
Copy-Certificate $cert.PSPath $tempFileCer

#Ensure File Exists
if (-not (test-path $tempFileCer)) { throw "Temp file did not get created on export:$tempFile" }

#Erase from store
$expectedPathForImportedCert = $cert.PSPath
Remove-Certificate $cert.PSPath

#Import
Copy-Certificate $tempFileCer cert:\CurrentUser\My
$theImportedCert = gi $expectedPathForImportedCert
if ($theImportedCert.hasPrivateKey) { throw "There should not be a private key for a .cer import" }

Remove-Certificate $expectedPathForImportedCert
Remove-Item $tempFileCer

Write-Host "Test non exportable flag for -new"
#############################################
$cert = New-Certificate cert:\CurrentUser\My ("ImportExport"+$importExportGUID) -NotExportable
if ($cert.PrivateKey.CspKeyContainerInfo.Exportable) {throw "Key Should Not be Exportable"}


Echo "All Tests Passed"
